Star Health confirms data breach, takes legal action & launches investigation

Posted on by

Star Health Insurance, a leading standalone health insurer, has acknowledged a data security breach and announced that it is actively working to address the situation. The company has initiated a comprehensive forensic investigation, which is being overseen by independent cybersecurity experts to uncover the extent of the breach.

Breach flagged online

The breach, involving the Chennai-based health insurance firm, gained significant attention on social media after compromised customer data surfaced on an online platform. This revelation has sparked widespread concern, with many people, including customers, expressing their fears and frustrations on social media, further amplifying the issue.

“We acknowledge that we were the victim of a targeted malicious cyberattack, resulting in unauthorised and illegal access to certain data. We make it absolutely clear that our operations remain unaffected, and all services continue without disruption,” the company said in a statement.

A thorough and rigorous forensic investigation, led by independent cybersecurity experts, is currently underway. The company is working closely with government and regulatory authorities at every stage, including promptly reporting the incident to both insurance and cybersecurity regulatory bodies and filing a criminal complaint.

In response to the breach, Star Health approached the Madras High Court, which issued an order directing all parties, including third parties, to disable access to the compromised information. The company assured that it is diligently ensuring the implementation of this order.

The company also stated that the company’s Chief Information Security Officer (CISO) has been fully cooperative with the investigation, and no evidence of wrongdoing on his part has been found so far.

‘Comply with HC order’

“We request that his privacy be respected, especially because the threat actor is attempting to create unwarranted panic. It is important to reiterate that any unauthorized acquisition, possession, or dissemination of customer data is illegal. We call upon all platforms, hosting providers, social media channels, and users to take swift and decisive action to stop such activities and comply with the High Court’s directives,” it said.

Star Health further reassured its customers and partners that it has strong security measures in place and that safeguarding the privacy and security of their data remains the company’s top priority. “All of our rights under the law and contractual agreements are fully reserved,” the statement concluded, it added.